Search
Total
46623 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-8489 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2019-03-18 | 1.9 LOW | 5.0 MEDIUM |
| The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8492, CVE-2017-8491, CVE-2017-8490, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8480, CVE-2017-8479, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297. | |||||
| CVE-2017-8490 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2019-03-18 | 1.9 LOW | 5.0 MEDIUM |
| The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8492, CVE-2017-8491, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8480, CVE-2017-8479, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297. | |||||
| CVE-2017-8491 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2019-03-18 | 1.9 LOW | 5.0 MEDIUM |
| The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8492, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8480, CVE-2017-8479, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297. | |||||
| CVE-2017-8475 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2019-03-18 | 1.9 LOW | 5.0 MEDIUM |
| Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an authenticated attacker to run a specially crafted application when the Windows kernel improperly initializes objects in memory, aka "Win32k Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8470, CVE-2017-8471, CVE-2017-8472, CVE-2017-8473, CVE-2017-8477, and CVE-2017-8484. | |||||
| CVE-2017-8477 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2019-03-18 | 1.9 LOW | 5.0 MEDIUM |
| Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an authenticated attacker to run a specially crafted application when the Windows kernel improperly initializes objects in memory, aka "Win32k Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8470, CVE-2017-8471, CVE-2017-8472, CVE-2017-8473, CVE-2017-8475, and CVE-2017-8484. | |||||
| CVE-2017-8478 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2019-03-18 | 1.9 LOW | 5.0 MEDIUM |
| The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8481, CVE-2017-8480, CVE-2017-8479, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297. | |||||
| CVE-2016-4585 | 1 Apple | 4 Iphone Os, Safari, Tvos and 1 more | 2019-03-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the WebKit Page Loading implementation in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to inject arbitrary web script or HTML via an HTTP response specifying redirection that is mishandled by Safari. | |||||
| CVE-2017-8479 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2019-03-18 | 1.9 LOW | 5.0 MEDIUM |
| The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8492, CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8481, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297. | |||||
| CVE-2017-8480 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2019-03-18 | 1.9 LOW | 5.0 MEDIUM |
| The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8492, CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8479, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297. | |||||
| CVE-2018-7740 | 4 Canonical, Debian, Linux and 1 more | 7 Ubuntu Linux, Debian Linux, Linux Kernel and 4 more | 2019-03-18 | 4.9 MEDIUM | 5.5 MEDIUM |
| The resv_map_release function in mm/hugetlb.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (BUG) via a crafted application that makes mmap system calls and has a large pgoff argument to the remap_file_pages system call. | |||||
| CVE-2018-20806 | 1 Phamm | 1 Phamm | 2019-03-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| Phamm (aka PHP LDAP Virtual Hosting Manager) 0.6.8 allows XSS via the login page (the /public/main.php action parameter). | |||||
| CVE-2019-6599 | 1 F5 | 1 Big-ip Access Policy Manager | 2019-03-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| In BIG-IP 11.6.1-11.6.3.2 or 11.5.1-11.5.8, or Enterprise Manager 3.1.1, improper escaping of values in an undisclosed page of the configuration utility may result with an improper handling on the JSON response when it is injected by a malicious script via a remote cross-site scripting (XSS) attack. | |||||
| CVE-2017-8472 | 1 Microsoft | 3 Windows 7, Windows Server 2008, Windows Server 2012 | 2019-03-18 | 1.9 LOW | 5.0 MEDIUM |
| Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 allow an authenticated attacker to run a specially crafted application when the Windows kernel improperly initializes objects in memory, aka "Win32k Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8470, CVE-2017-8471, CVE-2017-8473, CVE-2017-8475, CVE-2017-8477, and CVE-2017-8484. | |||||
| CVE-2017-7994 | 1 Podofo Project | 1 Podofo | 2019-03-18 | 4.3 MEDIUM | 6.5 MEDIUM |
| The function TextExtractor::ExtractText in TextExtractor.cpp:77 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document. | |||||
| CVE-2018-20322 | 1 Limesurvey | 1 Limesurvey | 2019-03-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| LimeSurvey version 3.15.5 contains a Cross-site scripting (XSS) vulnerability in Survey Resource zip upload, resulting in Javascript code execution against LimeSurvey administrators. Fixed in version 3.15.6. | |||||
| CVE-2018-12494 | 1 Publiccms | 1 Publiccms | 2019-03-18 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in PublicCMS V4.0.20180210. There is a "Directory Traversal" and "Arbitrary file read" vulnerability via an admin/cmsTemplate/content.html?path=../ URI. | |||||
| CVE-2018-12100 | 1 Sonatype | 1 Nexus Repository Manager | 2019-03-18 | 3.5 LOW | 4.8 MEDIUM |
| Sonatype Nexus Repository Manager versions 3.x before 3.12.0 has XSS in multiple areas in the Administration UI. | |||||
| CVE-2017-18241 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2019-03-18 | 4.9 MEDIUM | 5.5 MEDIUM |
| fs/f2fs/segment.c in the Linux kernel before 4.13 allows local users to cause a denial of service (NULL pointer dereference and panic) by using a noflush_merge option that triggers a NULL value for a flush_cmd_control data structure. | |||||
| CVE-2014-10079 | 1 Vembu | 1 Storegrid | 2019-03-18 | 5.0 MEDIUM | 5.3 MEDIUM |
| In Vembu StoreGrid 4.4.x, the front page of the server web interface leaks the private IP address in the "ipaddress" hidden form value of the HTML source code, which is disclosed because of incorrect processing of an index.php/ trailing slash. | |||||
| CVE-2018-20800 | 1 Otrs | 1 Otrs | 2019-03-18 | 5.5 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Open Ticket Request System (OTRS) 5.0.31 and 6.0.13. Users updating to 6.0.13 (also patchlevel updates) or 5.0.31 (only major updates) will experience data loss in their agent preferences table. | |||||
| CVE-2014-10078 | 1 Vembu | 1 Storegrid | 2019-03-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| Vembu StoreGrid 4.4.x has XSS in interface/registercustomer/onlineregsuccess.php, interface/registerreseller/onlineregfailure.php, interface/registerclient/onlineregfailure.php, and interface/registercustomer/onlineregfailure.php. | |||||
| CVE-2018-20418 | 1 Craftcms | 1 Craft Cms | 2019-03-16 | 3.5 LOW | 4.8 MEDIUM |
| index.php?p=admin/actions/entries/save-entry in Craft CMS 3.0.25 allows XSS by saving a new title from the console tab. | |||||
| CVE-2017-5877 | 1 Dotcms | 1 Dotcms | 2019-03-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS was discovered in dotCMS 3.7.0, with an unauthenticated attack against the /about-us/locations/index direction parameter. | |||||
| CVE-2017-5875 | 1 Dotcms | 1 Dotcms | 2019-03-15 | 3.5 LOW | 5.4 MEDIUM |
| XSS was discovered in dotCMS 3.7.0, with an authenticated attack against the /myAccount addressID parameter. | |||||
| CVE-2017-5876 | 1 Dotcms | 1 Dotcms | 2019-03-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS was discovered in dotCMS 3.7.0, with an unauthenticated attack against the /news-events/events date parameter. | |||||
| CVE-2018-19391 | 1 Cobham | 4 Satcom Sailor 250, Satcom Sailor 250 Firmware, Satcom Sailor 500 and 1 more | 2019-03-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cobham Satcom Sailor 250 and 500 devices before 1.25 contained persistent XSS, which could be exploited by an unauthenticated threat actor via the /index.lua?pageID=Phone%20book name field. | |||||
| CVE-2018-19394 | 1 Cobham | 4 Satcom Sailor 800, Satcom Sailor 800 Firmware, Satcom Sailor 900 and 1 more | 2019-03-15 | 3.5 LOW | 4.8 MEDIUM |
| Cobham Satcom Sailor 800 and 900 devices contained persistent XSS, which required administrative access to exploit. The vulnerability was exploitable by acquiring a copy of the device's configuration file, inserting an XSS payload into a relevant field (e.g., Satellite name), and then restoring the malicious configuration file. | |||||
| CVE-2019-9711 | 1 Joomla | 1 Joomla\! | 2019-03-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Joomla! before 3.9.4. The item_title layout in edit views lacks escaping, leading to XSS. | |||||
| CVE-2019-9712 | 1 Joomla | 1 Joomla\! | 2019-03-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Joomla! before 3.9.4. The JSON handler in com_config lacks input validation, leading to XSS. | |||||
| CVE-2019-9714 | 1 Joomla | 1 Joomla\! | 2019-03-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Joomla! before 3.9.4. The media form field lacks escaping, leading to XSS. | |||||
| CVE-2019-9751 | 1 Otrs | 1 Otrs | 2019-03-15 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in Open Ticket Request System (OTRS) 6.x before 6.0.17 and 7.x before 7.0.5. An attacker who is logged into OTRS as an admin user may manipulate the URL to cause execution of JavaScript in the context of OTRS. This is related to Kernel/Output/Template/Document.pm. | |||||
| CVE-2018-11412 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2019-03-15 | 4.3 MEDIUM | 5.9 MEDIUM |
| In the Linux kernel 4.13 through 4.16.11, ext4_read_inline_data() in fs/ext4/inline.c performs a memcpy with an untrusted length value in certain circumstances involving a crafted filesystem that stores the system.data extended attribute value in a dedicated inode. | |||||
| CVE-2017-9061 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2019-03-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| In WordPress before 4.7.5, a cross-site scripting (XSS) vulnerability exists when attempting to upload very large files, because the error message does not properly restrict presentation of the filename. | |||||
| CVE-2017-9063 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2019-03-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| In WordPress before 4.7.5, a cross-site scripting (XSS) vulnerability related to the Customizer exists, involving an invalid customization session. | |||||
| CVE-2018-0494 | 4 Canonical, Debian, Gnu and 1 more | 6 Ubuntu Linux, Debian Linux, Wget and 3 more | 2019-03-15 | 4.3 MEDIUM | 6.5 MEDIUM |
| GNU Wget before 1.19.5 is prone to a cookie injection vulnerability in the resp_new function in http.c via a \r\n sequence in a continuation line. | |||||
| CVE-2017-8514 | 1 Microsoft | 1 Sharepoint Enterprise Server | 2019-03-14 | 3.5 LOW | 5.4 MEDIUM |
| An information disclosure vulnerability exists when Microsoft SharePoint software fails to properly sanitize a specially crafted requests, aka "Microsoft SharePoint Reflective XSS Vulnerability". | |||||
| CVE-2017-9083 | 1 Freedesktop | 1 Poppler | 2019-03-14 | 4.3 MEDIUM | 6.5 MEDIUM |
| poppler 0.54.0, as used in Evince and other products, has a NULL pointer dereference in the JPXStream::readUByte function in JPXStream.cc. For example, the perf_test utility will crash (segmentation fault) when parsing an invalid PDF file. | |||||
| CVE-2018-20699 | 2 Docker, Redhat | 2 Engine, Enterprise Linux Server | 2019-03-14 | 4.0 MEDIUM | 4.9 MEDIUM |
| Docker Engine before 18.09 allows attackers to cause a denial of service (dockerd memory consumption) via a large integer in a --cpuset-mems or --cpuset-cpus value, related to daemon/daemon_unix.go, pkg/parsers/parsers.go, and pkg/sysinfo/sysinfo.go. | |||||
| CVE-2018-2416 | 1 Sap | 1 Identity Management | 2019-03-14 | 5.5 MEDIUM | 5.4 MEDIUM |
| SAP Identity Management 7.2 and 8.0 do not sufficiently validate an XML document accepted from an untrusted source. | |||||
| CVE-2018-1000037 | 2 Artifex, Debian | 2 Mupdf, Debian Linux | 2019-03-14 | 4.3 MEDIUM | 5.5 MEDIUM |
| In MuPDF 1.12.0 and earlier, multiple reachable assertions in the PDF parser allow an attacker to cause a denial of service (assert crash) via a crafted file. | |||||
| CVE-2018-1000069 | 2 Debian, Freeplane | 2 Debian Linux, Freeplane | 2019-03-14 | 4.3 MEDIUM | 5.5 MEDIUM |
| FreePlane version 1.5.9 and earlier contains a XML External Entity (XXE) vulnerability in XML Parser in mindmap loader that can result in stealing data from victim's machine. This attack appears to require the victim to open a specially crafted mind map file. This vulnerability appears to have been fixed in 1.6+. | |||||
| CVE-2018-1000040 | 2 Artifex, Debian | 2 Mupdf, Debian Linux | 2019-03-14 | 4.3 MEDIUM | 5.5 MEDIUM |
| In MuPDF 1.12.0 and earlier, multiple use of uninitialized value bugs in the PDF parser could allow an attacker to cause a denial of service (crash) or influence program flow via a crafted file. | |||||
| CVE-2018-11690 | 1 Balbooa | 1 Gridbox | 2019-03-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Balbooa Gridbox extension version 2.4.0 and previous versions for Joomla! is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability via a crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. | |||||
| CVE-2017-9140 | 1 Progress | 2 Sitefinity Cms, Telerik Reporting | 2019-03-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Telerik.ReportViewer.WebForms.dll in Telerik Reporting for ASP.NET WebForms Report Viewer control before R1 2017 SP2 (11.0.17.406) allows remote attackers to inject arbitrary web script or HTML via the bgColor parameter to Telerik.ReportViewer.axd. | |||||
| CVE-2017-15722 | 2 Debian, Irssi | 2 Debian Linux, Irssi | 2019-03-14 | 4.3 MEDIUM | 5.9 MEDIUM |
| In certain cases, Irssi before 1.0.5 may fail to verify that a Safe channel ID is long enough, causing reads beyond the end of the string. | |||||
| CVE-2019-8953 | 1 Netgate | 1 Haproxy | 2019-03-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| The HAProxy package before 0.59_16 for pfSense has XSS via the desc (aka Description) or table_actionsaclN parameter, related to haproxy_listeners.php and haproxy_listeners_edit.php. | |||||
| CVE-2017-1000023 | 1 Logicaldoc | 1 Logicaldoc | 2019-03-14 | 3.5 LOW | 5.4 MEDIUM |
| LogicalDoc Community Edition 7.5.3 and prior is vulnerable to an XSS when using preview on HTML document. | |||||
| CVE-2017-15568 | 2 Debian, Redmine | 2 Debian Linux, Redmine | 2019-03-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/helpers/application_helper.rb via a multi-value field with a crafted value that is mishandled during rendering of issue history. | |||||
| CVE-2017-15569 | 2 Debian, Redmine | 2 Debian Linux, Redmine | 2019-03-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/helpers/queries_helper.rb via a multi-value field with a crafted value that is mishandled during rendering of an issue list. | |||||
| CVE-2017-15570 | 2 Debian, Redmine | 2 Debian Linux, Redmine | 2019-03-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/views/timelog/_list.html.erb via crafted column data. | |||||